whole the network is secured by McAfee Enterprise 8.8 VirusScan with latest update. on some client PC when attached a PenDrive those time all files gone hidden and some shortcut folder(my music, my documents .. etc) has been created automatically. VirusScan can't find any virus inside there. When take a look on the hidden files those time saw that some unknown Executable file inside there. If deleted that although not solved even added that Executable files on McAfee Unwanted files to deleted that when find inside the PC or PendDrive. But after sometime saw that problem isn't solved and the Executable files changed their own name and keep doing the same problem.

Well.. first thing is to disable autorun, then you might want to access the pendrive via system console.there I suggest you to do a dir /a to see what's actually in there, after that proceed to delete unwanted files, starting by autorun.ini

Anyway, if you can create a compressed file with all of the pendrive's content, you can sumbit it to AVERT lab so they provide a extra.dat for you (wich can be deployed via ePO) and eventually will be included in a official DAT Release.

Well.. first thing is to disable autorun, then you might want to access the pendrive via system console.there I suggest you to do a dir /a to see what's actually in there, after that proceed to delete unwanted files, starting by autorun.ini

Anyway, if you can create a compressed file with all of the pendrive's content, you can sumbit it to AVERT lab so they provide a extra.dat for you (wich can be deployed via ePO) and eventually will be included in a official DAT Release.

thanks for the reply and i can delete all of them(included hidden executable files) but the problem is after sometime it will be created again with new file name(Example; before it was; abc.exe and when deleted that file after then it will be created with new file name like xyz.exe. as it can change it's own file name that's why not working if i added that on the unwanted programs Policies on McAfee Enterprise). so the source might be inside the PC but it can't make any trouble on PC, only doing that on the PenDrive. More even the user was logged in they haven't installation rights on the domain and on domain policy has blocked to install anything from the removable drive ...

Quote

(if you can create a compressed file with all of the pendrive's content, you can sumbit it to AVERT lab so they provide a extra.dat for you (wich can be deployed via ePO) and eventually will be included in a official DAT Release.)

As for your problem, It looks like the case, that PC is infected, maybe it's a memory resident?I don't know... but if you delete the files from linux maybe? (a live CD or something.. you can even use a Virtual Machine)

Hi MM, like "jheysen", I'm also 99% sure that this cause some nasty virus...

Check this solution also:

Quote

1. If you did not format your flash drive, then check whether the files are not in hidden mode (Go to folder options-> view tab and uncheck the option of “Hide protected operating system files(Recommended)).

thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

Any news about this case, MM??

Nothing new yet, as i told you that it's not my problem and on my network and system has no trouble like that. it's a friend's office network and that's a Govt. office and you know how lazy they are on their own trouble! still i didn't get that virus file which isn't detected by McAfee Enterprise(that's not fake coz i saw that too on their pen drive before), but they sent me some files yesterday but that's already protected by McAfee .. so waiting for the files which was cause of the Pen Drive ..

thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

Any news about this case, MM??

... still i didn't get that virus file which isn't detected by McAfee Enterprise (that's not fake coz i saw that too on their pen drive before), but they sent me some files yesterday but that's already protected by McAfee .. so waiting for the files which was cause of the Pen Drive ..